<?php

/**
 * @version		$Id: controller.php 16385 2010-04-23 10:44:15Z ian $
 * @package		Joomla
 * @subpackage	Content
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant to the
 * GNU General Public License, and as distributed it includes or is derivative
 * of works licensed under the GNU General Public License or other free or open
 * source software licenses. See COPYRIGHT.php for copyright notices and
 * details.
 */
// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die('Restricted access');

jimport('joomla.application.component.controller');

/**
 * User Component Controller
 *
 * @package		Joomla
 * @subpackage	Weblinks
 * @since 1.5
 */
class UserController extends JController {

    /**
     * Method to display a view
     *
     * @access	public
     * @since	1.5
     */
    function display() {
        parent::display();
    }

    function edit() {
        global $mainframe, $option;

        $db = & JFactory::getDBO();
        $user = & JFactory::getUser();

        if ($user->get('guest')) {
            JError::raiseError(403, JText::_('Access Forbidden'));
            return;
        }

        JRequest::setVar('layout', 'form');

        parent::display();
    }

    function save() {
        // Check for request forgeries
        JRequest::checkToken() or jexit('Invalid Token');

        $user = & JFactory::getUser();
        $userid = JRequest::getVar('id', 0, 'post', 'int');
        
        //ghi log
        $comment = 'ユーザ情報は更新できた(古い情報：Name: '.$user->get('name').', Username: '.$user->get('username').', Email: '.$user->get('email').' ';

        // preform security checks
        if ($user->get('id') == 0 || $userid == 0 || $userid <> $user->get('id')) {
            JError::raiseError(403, JText::_('Access Forbidden'));
            return;
        }

        //clean request
        $post = JRequest::get('post');
        $post['username'] = JRequest::getVar('username', '', 'post', 'username');
        $post['password'] = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
        $post['password2'] = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

        // get the redirect
        $return = JURI::base();

        // do a password safety check
        if (strlen($post['password']) || strlen($post['password2'])) { // so that "0" can be used as password e.g.
            if ($post['password'] != $post['password2']) {
                $msg = JText::_('PASSWORDS_DO_NOT_MATCH');
                // something is wrong. we are redirecting back to edit form.
                // TODO: HTTP_REFERER should be replaced with a base64 encoded form field in a later release
                $return = str_replace(array('"', '<', '>', "'"), '', @$_SERVER['HTTP_REFERER']);
                if (empty($return) || !JURI::isInternal($return)) {
                    $return = JURI::base();
                }
                $this->setRedirect($return, $msg, 'error');
                return false;
            }
        }

        // we don't want users to edit certain fields so we will unset them
        unset($post['gid']);
        unset($post['block']);
        unset($post['usertype']);
        unset($post['registerDate']);
        unset($post['activation']);

        // store data
        $model = $this->getModel('user');

        if ($model->store($post)) {
            $msg = JText::_('Your settings have been saved.');
        } else {
            //$msg	= JText::_( 'Error saving your settings.' );
            $msg = $model->getError();
        }
        
        //ghi log
        $comment .= '新しい情報：Name: '.$user->get('name').', Username: '.$user->get('username').', Email: '.$user->get('email').')';
        $this->userLog($comment);

        $this->setRedirect($return, $msg);
    }

    function cancel() {
        $this->setRedirect('index.php');
    }

    function login() {
        // Check for request forgeries
        JRequest::checkToken('request') or jexit('Invalid Token');

        global $mainframe;

        if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
            $return = base64_decode($return);
            if (!JURI::isInternal($return)) {
                $return = '';
            }
        }

        $options = array();
        $options['remember'] = JRequest::getBool('remember', false);
        $options['return'] = $return;

        $credentials = array();
        $credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
        $credentials['password'] = JRequest::getString('passwd', '', 'post', JREQUEST_ALLOWRAW);

        //preform the login action
        $error = $mainframe->login($credentials, $options);

        if (!JError::isError($error)) {
            // Redirect if the return url is not registration or login
            if (!$return) {
                $return = 'index.php?option=com_user';
            }

            $mainframe->redirect($return);
        } else {
            // Facilitate third party login forms
            if (!$return) {
                $return = 'index.php?option=com_user&view=login';
            }

            // Redirect to a login form
            $mainframe->redirect($return);
        }
    }

    function logout() {
        global $mainframe;

        //preform the logout action
        $error = $mainframe->logout();

        if (!JError::isError($error)) {
            if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
                $return = base64_decode($return);
                if (!JURI::isInternal($return)) {
                    $return = '';
                }
            }

            // Redirect if the return url is not registration or login
            if ($return && !( strpos($return, 'com_user'))) {
                $mainframe->redirect($return);
            }
        } else {
            parent::display();
        }
    }

    /**
     * Prepares the registration form
     * @return void
     */
    function register() {
        $usersConfig = &JComponentHelper::getParams('com_users');
        if (!$usersConfig->get('allowUserRegistration')) {
            JError::raiseError(403, JText::_('Access Forbidden'));
            return;
        }

        $user = & JFactory::getUser();

        if ($user->get('guest')) {
            JRequest::setVar('view', 'register');
        } else {
            $this->setredirect('index.php?option=com_user&task=edit', JText::_('You are already registered.'));
        }

        parent::display();
    }

    /**
     * Save user registration and notify users and admins if required
     * @return void
     */
    function register_save() {
        global $mainframe;

        // Check for request forgeries
        JRequest::checkToken() or jexit('Invalid Token');

        // Get required system objects
        $user = clone(JFactory::getUser());
        $pathway = & $mainframe->getPathway();
        $config = & JFactory::getConfig();
        $authorize = & JFactory::getACL();
        $document = & JFactory::getDocument();

        // If user registration is not allowed, show 403 not authorized.
        $usersConfig = &JComponentHelper::getParams('com_users');
        if ($usersConfig->get('allowUserRegistration') == '0') {
            JError::raiseError(403, JText::_('Access Forbidden'));
            return;
        }

        // Initialize new usertype setting
        $newUsertype = $usersConfig->get('new_usertype');
        if (!$newUsertype) {
            $newUsertype = 'Registered';
        }

        // Bind the post array to the user object
        if (!$user->bind(JRequest::get('post'), 'usertype')) {
            JError::raiseError(500, $user->getError());
        }

        // Set some initial user values
        $user->set('id', 0);
        $user->set('usertype', $newUsertype);
        $user->set('gid', $authorize->get_group_id('', $newUsertype, 'ARO'));

        $date = & JFactory::getDate();
        $user->set('registerDate', $date->toMySQL());

        // If user activation is turned on, we need to set the activation information
        $useractivation = $usersConfig->get('useractivation');
        if ($useractivation == '1') {
            jimport('joomla.user.helper');
            $user->set('activation', JUtility::getHash(JUserHelper::genRandomPassword()));
            $user->set('block', '1');
        }

        // If there was an error with registration, set the message and display form
        if (!$user->save()) {
            JError::raiseWarning('', JText::_($user->getError()));
            $this->register();
            return false;
        }

        // Send registration confirmation mail
        $password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
        $password = preg_replace('/[\x00-\x1F\x7F]/', '', $password); //Disallow control chars in the email
        UserController::_sendMail($user, $password);

        // Everything went fine, set relevant message depending upon user activation state and display message
        if ($useractivation == 1) {
            $message = JText::_('REG_COMPLETE_ACTIVATE');
        } else {
            $message = JText::_('REG_COMPLETE');
        }

        //ghi log
        $comment = 'ユーザが追加できた(Name: '.$user->get('name').', Username: '.$user->get('username').', Email: '.$user->get('email').')';
        $this->userLog($comment);

        $this->setRedirect('index.php', $message);
    }

    function userLog($comment) {
        jimport('joomla.error.log');
        // Define the file name as a PHP constant
        define('USER_LOG', 'user.log.'.date('Y_m_d').'.php');
        
        $log = &JLog::getInstance(USER_LOG);

        // Just adding a comment
        $log->addEntry(array('comment' => $comment));
        
    }

    function activate() {
        global $mainframe;

        // Initialize some variables
        $db = & JFactory::getDBO();
        $user = & JFactory::getUser();
        $document = & JFactory::getDocument();
        $pathway = & $mainframe->getPathWay();

        $usersConfig = &JComponentHelper::getParams('com_users');
        $userActivation = $usersConfig->get('useractivation');
        $allowUserRegistration = $usersConfig->get('allowUserRegistration');

        // Check to see if they're logged in, because they don't need activating!
        if ($user->get('id')) {
            // They're already logged in, so redirect them to the home page
            $mainframe->redirect('index.php');
        }

        if ($allowUserRegistration == '0' || $userActivation == '0') {
            JError::raiseError(403, JText::_('Access Forbidden'));
            return;
        }

        // create the view
        require_once (JPATH_COMPONENT . DS . 'views' . DS . 'register' . DS . 'view.html.php');
        $view = new UserViewRegister();

        $message = new stdClass();

        // Do we even have an activation string?
        $activation = JRequest::getVar('activation', '', '', 'alnum');
        $activation = $db->getEscaped($activation);

        if (empty($activation)) {
            // Page Title
            $document->setTitle(JText::_('REG_ACTIVATE_NOT_FOUND_TITLE'));
            // Breadcrumb
            $pathway->addItem(JText::_('REG_ACTIVATE_NOT_FOUND_TITLE'));

            $message->title = JText::_('REG_ACTIVATE_NOT_FOUND_TITLE');
            $message->text = JText::_('REG_ACTIVATE_NOT_FOUND');
            $view->assign('message', $message);
            $view->display('message');
            return;
        }

        // Lets activate this user
        jimport('joomla.user.helper');
        if (JUserHelper::activateUser($activation)) {
            // Page Title
            $document->setTitle(JText::_('REG_ACTIVATE_COMPLETE_TITLE'));
            // Breadcrumb
            $pathway->addItem(JText::_('REG_ACTIVATE_COMPLETE_TITLE'));

            $message->title = JText::_('REG_ACTIVATE_COMPLETE_TITLE');
            $message->text = JText::_('REG_ACTIVATE_COMPLETE');
        } else {
            // Page Title
            $document->setTitle(JText::_('REG_ACTIVATE_NOT_FOUND_TITLE'));
            // Breadcrumb
            $pathway->addItem(JText::_('REG_ACTIVATE_NOT_FOUND_TITLE'));

            $message->title = JText::_('REG_ACTIVATE_NOT_FOUND_TITLE');
            $message->text = JText::_('REG_ACTIVATE_NOT_FOUND');
        }

        $view->assign('message', $message);
        $view->display('message');
    }

    /**
     * Password Reset Request Method
     *
     * @access	public
     */
    function requestreset() {
        // Check for request forgeries
        JRequest::checkToken() or jexit('Invalid Token');

        // Get the input
        $email = JRequest::getVar('email', null, 'post', 'string');

        // Get the model
        $model = &$this->getModel('Reset');

        // Request a reset
        if ($model->requestReset($email) === false) {
            $message = JText::sprintf('PASSWORD_RESET_REQUEST_FAILED', $model->getError());
            $this->setRedirect('index.php?option=com_user&view=reset', $message);
            return false;
        }

        $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm');
    }

    /**
     * Password Reset Confirmation Method
     *
     * @access	public
     */
    function confirmreset() {
        // Check for request forgeries
        JRequest::checkToken() or jexit('Invalid Token');

        // Get the input
        $token = JRequest::getVar('token', null, 'post', 'alnum');
        $username = JRequest::getVar('username', null, 'post');

        // Get the model
        $model = &$this->getModel('Reset');

        // Verify the token
        if ($model->confirmReset($token, $username) !== true) {
            $message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
            $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
            return false;
        }
        $this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
    }

    /**
     * Password Reset Completion Method
     *
     * @access	public
     */
    function completereset() {
        // Check for request forgeries
        JRequest::checkToken() or jexit('Invalid Token');

        // Get the input
        $password1 = JRequest::getVar('password1', null, 'post', 'string', JREQUEST_ALLOWRAW);
        $password2 = JRequest::getVar('password2', null, 'post', 'string', JREQUEST_ALLOWRAW);

        // Get the model
        $model = &$this->getModel('Reset');

        // Reset the password
        if ($model->completeReset($password1, $password2) === false) {
            $message = JText::sprintf('PASSWORD_RESET_FAILED', $model->getError());
            $this->setRedirect('index.php?option=com_user&view=reset&layout=complete', $message);
            return false;
        }

        $message = JText::_('PASSWORD_RESET_SUCCESS');
        $this->setRedirect('index.php?option=com_user&view=login', $message);
    }

    /**
     * Username Reminder Method
     *
     * @access	public
     */
    function remindusername() {
        // Check for request forgeries
        JRequest::checkToken() or jexit('Invalid Token');

        // Get the input
        $email = JRequest::getVar('email', null, 'post', 'string');

        // Get the model
        $model = &$this->getModel('Remind');

        // Send the reminder
        if ($model->remindUsername($email) === false) {
            $message = JText::sprintf('USERNAME_REMINDER_FAILED', $model->getError());
            $this->setRedirect('index.php?option=com_user&view=remind', $message);
            return false;
        }

        $message = JText::sprintf('USERNAME_REMINDER_SUCCESS', $email);
        $this->setRedirect('index.php?option=com_user&view=login', $message);
    }

    function _sendMail(&$user, $password) {
        global $mainframe;

        $db = & JFactory::getDBO();

        $name = $user->get('name');
        $email = $user->get('email');
        $username = $user->get('username');

        $usersConfig = &JComponentHelper::getParams('com_users');
        $sitename = $mainframe->getCfg('sitename');
        $useractivation = $usersConfig->get('useractivation');
        $mailfrom = $mainframe->getCfg('mailfrom');
        $fromname = $mainframe->getCfg('fromname');
        $siteURL = JURI::base();

        $subject = sprintf(JText::_('Account details for'), $name, $sitename);
        $subject = html_entity_decode($subject, ENT_QUOTES);

        if ($useractivation == 1) {
            $message = sprintf(JText::_('SEND_MSG_ACTIVATE'), $name, $sitename, $siteURL . "index.php?option=com_user&task=activate&activation=" . $user->get('activation'), $siteURL, $username, $password);
        } else {
            $message = sprintf(JText::_('SEND_MSG'), $name, $sitename, $siteURL);
        }

        $message = html_entity_decode($message, ENT_QUOTES);

        //get all super administrator
        $query = 'SELECT name, email, sendEmail' .
                ' FROM #__users' .
                ' WHERE LOWER( usertype ) = "super administrator"';
        $db->setQuery($query);
        $rows = $db->loadObjectList();

        // Send email to user
        if (!$mailfrom || !$fromname) {
            $fromname = $rows[0]->name;
            $mailfrom = $rows[0]->email;
        }

        JUtility::sendMail($mailfrom, $fromname, $email, $subject, $message);

        // Send notification to all administrators
        $subject2 = sprintf(JText::_('Account details for'), $name, $sitename);
        $subject2 = html_entity_decode($subject2, ENT_QUOTES);

        // get superadministrators id
        foreach ($rows as $row) {
            if ($row->sendEmail) {
                $message2 = sprintf(JText::_('SEND_MSG_ADMIN'), $row->name, $sitename, $name, $email, $username);
                $message2 = html_entity_decode($message2, ENT_QUOTES);
                JUtility::sendMail($mailfrom, $fromname, $row->email, $subject2, $message2);
            }
        }
    }

}

?>
